Security over the Public Cloud: Security has been a constant concern over the public cloud from several angles
- Data on shared storage infrastructure: How secure is my data on such a shared resource? How segregated is my data from my competition? Will plain encryption mechanisms be sufficient?
- Authentication and Authorization: How will authentication mechanism over the cloud work? Will the corporate authentication controls extend to cover public cloud? Or would public clouds maintain their own authentication directories that override the enterprise laid out identities?
- Data longevity and recovery: What if my cloud provider gets acquired? How would recovery of data work across geographies. Will recovering my data be governed by the rules laid out in the country where my data resides?
Seamlessly moving applications across hybrid clouds: Application movement across private and public clouds to take advantage of the infinite elasticity of public clouds is a problem not fully resolved yet. How would data access happen across the enterprise firewall? Will it throw open security loopholes for hackers to exploit? Companies like Rightscale have been tinkering on solutions that address this problem.
Risk & Compliance: Enterprises are accountable to their customers for the integrity of data. However when this data is pushed over public cloud - who assumes responsibility for data integrity? Would it be the onus of the cloud provider or joint ownership between the cloud provider and the enterprise? Definitive answers and workable models are being explored still.
here
No comments:
Post a Comment